Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.stabyl.com/llms.txt

Use this file to discover all available pages before exploring further.

Authenticated routes require an API key in the X-Api-Key header: 
X-Api-Key: <api_key>
Keep API keys in server-side systems only. Do not embed keys in browser, mobile, desktop, or user-controlled code.

Key Handling Rules

RuleReason
Store keys in a secret manager or encrypted environment storeKeys authorize account activity
Use separate keys per serviceLimits blast radius and simplifies rotation
Do not log full key valuesLogs are copied and retained in many systems
Keep staging and production keys separatePrevents accidental live requests

Public Endpoints

Only these Mintlify-documented routes do not require an API key:
  • GET /partner/wallets/chains
  • GET /partner/wallets/fiat/banks
  • POST /simulate/fiat/deposits
  • POST /simulate/fiat/withdrawals
  • POST /simulate/crypto/deposits
  • POST /simulate/crypto/withdrawals
  • POST /simulate/kyb/status
  • POST /simulate/notifications/product-updates
All other documented routes require X-Api-Key.

Authentication Failures

StatusWhat it usually meansWhat to check
401The key is missing, invalid, inactive, or sent to the wrong environmentHeader spelling, key value, base URL, rotation state
403The key is valid but not allowed to perform the operationKey access and account readiness
429Requests are arriving too quicklyBackoff and reduce polling or retry loops
Authentication should be checked before request signing, order construction, or wallet logic. If the same key works for reads but not writes, confirm the key is enabled for the requested action.